Top

Computing

Published in:

25-08-2018

Policy expressions and the bottom-up design of computing policies

Authors: Rezwana Reaz, H. B. Acharya, Ehab S. Elmallah, Jorge A. Cobb, Mohamed G. Gouda

Published in: Computing | Issue 9/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

A policy is a sequence of rules, where each rule consists of a predicate and a decision, and where each decision is either “accept” or “reject”. A policy P is said to accept (or reject, respectively) a request iff the decision of the first rule in P, that matches the request is “accept” (or “reject”, respectively). Examples of computing policies are firewalls, routing policies and software-defined networks in the Internet, and access control policies. In this paper, we present a generalization of policies called policy expressions. A policy expression is specified using one or more policies and the three policy operators: “not”, “and”, and “or”. We show that policy expressions can be utilized to support bottom-up methods for designing policies. We also show that each policy expression can be represented by a set of special types of policies, called slices. We present several algorithms that use the slice representation of given policy expressions to verify whether the given policy expressions satisfy logical properties such as adequacy, implication, and equivalence. Finally, we present 19 equivalence laws of policy expressions.

previous article Special issue on NETYS’17 selected papers

next article On understanding price-QoS war for competitive market and confused consumers

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Available only for authorised users

Acharya HB, Joshi A, Gouda MG (2010) Firewall modules and modular firewalls. In: Proceedings of the 18th IEEE international conference on network protocols (ICNP). IEEE, pp 174–182

Acharya HB, Kumar S, Wadhwa M, Shah A (2016) Rules in play: on the complexity of routing tables and firewalls. In: Proceedings of the 24th IEEE international conference on network protocols (ICNP). IEEE

Elmallah ES, Gouda MG (2014) Hardness of firewall analysis. In: Proceedings of the 2nd international conference on NETworked sYStems (NETYS), Lecture Notes in Computer Science, vol 8593. Springer, pp. 153–168

Gouda MG, Liu AX (2007) Structured firewall design. Comput Netw 51(4):1106–1120CrossRefMATH

Heule MJ, Reaz R, Acharya HB, Gouda MG (2016) Analysis of computing policies using sat solvers (short paper). In: Proceedings of the 18th international symposium on stabilization, safety, and security of distributed systems. Springer, pp 190–194

Hoffman D, Yoo K (2005) Blowtorch: a framework for firewall test automation. In: Proceedings of the 20th IEEE/ACM international conference on automated software engineering (ASE). ACM, pp 96–103

Kamara S, Fahmy S, Schultz E, Kerschbaum F, Frantzen M (2003) Analysis of vulnerabilities in internet firewalls. Comput Secur 22(3):214–232CrossRef

Khoumsi A, Erradi M, Ayache M, Krombi W (2016) An approach to resolve np-hard problems of firewalls. In: Proceedings of the 4th international conference on NETworked sYStems (NETYS). Springer

Khoumsi A, Erradi M, Krombi W (2016) A formal basis for the design and analysis of firewall security policies. J King Saud Univ Comput Inf Sci 30(1):51–66

10.

Khoumsi A, Krombi W, Erradi M (2014) A formal approach to verify completeness and detect anomalies in firewall security policies. In: Proceedings of the 7th international symposium on foundations and practice of security. Springer, pp 221–236

11.

Krombi W, Erradi M, Khoumsi A (2014) Automata-based approach to design and analyze security policies. In: Proceedings of the 12th annual international conference on privacy, security and trust (PST). IEEE, pp 306–313

12.

Liu AX, Gouda MG (2008) Diverse firewall design. IEEE Trans Parallel Distrib Syst 19(9):1237–1251CrossRef

13.

Mayer A, Wool A, Ziskind E (2000) Fang: a firewall analysis engine. In: Proceedings of IEEE symposium on security and privacy. IEEE, pp 177–187

14.

Papadimitriou CH (2003) Computational complexity. Wiley, New YorkMATH

15.

Reaz R, Acharya HB, Elmallah ES, Cobb JA, Gouda MG (2017) Policy expressions and the bottom-up design of computing policies. In: Technical report no. TR-17-01, Department of Computer Science, The Universisty of Texas at Austin. https://apps.cs.utexas.edu/apps/tech-reports

16.

Reaz R, Ali M, Gouda MG, Heule MJ, Elmallah ES (2015) The implication problem of computing policies. In: Proceedings of the 17th international symposium on stabilization, safety, and security of distributed systems. Springer, pp 109–123

17.

Wool A (2004) A quantitative study of firewall configuration errors. Computer 37(6):62–67CrossRef

18.

Zhang S, Mahmoud A, Malik S, Narain S (2012) Verification and synthesis of firewalls using SAT and QBF. In: Proceedings of the 20th IEEE international conference on network protocols (ICNP). IEEE, pp 1–6

Title: Policy expressions and the bottom-up design of computing policies
Authors: Rezwana Reaz
H. B. Acharya
Ehab S. Elmallah
Jorge A. Cobb
Mohamed G. Gouda
Publication date: 25-08-2018
Publisher: Springer Vienna
Published in: Computing / Issue 9/2019
Print ISSN: 0010-485X
Electronic ISSN: 1436-5057
DOI: https://doi.org/10.1007/s00607-018-0655-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 9/2019

EPiC: efficient privacy-preserving counting for MapReduce

Competitive clustering of stochastic communication patterns on a ring

On understanding price-QoS war for competitive market and confused consumers

A fully distributed learning algorithm for power allocation in heterogeneous networks

Special issue on NETYS’17 selected papers

Editorial, special issue of NETYS 2015

Premium Partner